Welcome to our "Facebook Login" Tutorial, where you learn secure ways to sign into your account, how to protect it from unauthorized access with login approvals, monitor recent activity, and regularly change your password to a hacker-proof combination!

The world's most popular social networking website is one of the most active online player when it comes to security: this tutorial shows you just about everything there is to know about securing your account from others, how to login to Facebook from public computers, associate a cell phone for mobile access or receiving notifications whenever someone tries to access your account, and much more! If needed, one of our other one-page tutorials shows you how to create a Facebook account!

Login to Facebook Account

Facebook Login Page

The exact web address for the Facebook login page is facebook.com/login.php - but if anyone is currently signed in, however, going to this URL will only redirect you to that person's Facebook homepage. If this is the case, just click on the gear icon in the top right corner, choose "Log Out", and start over.

The Facebook homepage shows the sign-in form (top right) and the sign-up form (for new accounts, bottom right). Enter your full email address in the sign-in form's "Email or Phone" field:

Note: in the first text box, you can enter either your primary email address (the one you supplied when you first signed up), or any email addresses you've since added to your account. If you have added a cell phone to your profile, you can enter it as username instead of an email address.

Sign in with a different username

But Facebook is even more flexible: it also allows you to enter your ID as username. That's the end of the vanity URL (web address) for your profile, which can be changed as well. Here's an example:

Side info: the only reason you generally can't simply use your full name as username is that other people with a Facebook profile may have the same first name and last name as you do. In that case, you'll get a confirmation screen that checks as which user you'd like to login: Clicking the "Not {first name}" link sends you to a blank sign-in screen to login as a different user.

Facebook password

Next, enter your Facebook account password: note that it is case-sensitive (uppercase and lowercase letters are considered different characters!) So, make sure that CapsLock is turned off, and pay attention to your capitalization. If you cannot remember your password, click on the "Forgot your password?" link under the second text field (we covered the recovery process under "Reset Account Password").

Tip: if you enter a wrong password, you'll get a "Please re-enter your password - The password you entered is incorrect. Please try again (make sure your caps lock is off)" error message on the next page. Either try one more time, or click on the "Request a new one" link to reset your password.

Automatically login to your account

To quickly login to Facebook in the future and bypass the sign-in page altogether, just check the "Keep me logged in" checkbox: but only use this "remember me" option from your own desktop computer / laptop or mobile device. Otherwise, anyone who types "facebook.com" in that particular browser will automatically login to your account!

Tech info: behind-the-scenes, Facebook will create a "cookie" (small text file), saved under your profile folder for that particular web browser. It doesn't store your password, only the information to let Facebook that you want to automatically sign in. This cookie will eventually expire, which is why you'll be asked to login again after a while (2-3 weeks, typically). Other factors may force you to re-login sooner than that: if someone logged you out, or a password change, for example.

Login to Facebook!

Click on the Log In button to access your account - you are done! You'll remain signed into your account for at least as long as the browser window stays opened, and longer if you checked the "Keep me logged in" option - when checking Facebook from a computer other than yours, always manually sign out at the end of the session (explained in the next section).

Logout of Facebook

To sign out of your Facebook account, click on the gear icon in the top right corner, and choose Log Out at the bottom of the dropdown menu. Facebook will redirect you to the homepage with the sign-in and sign-up form, the one we start with! If you hit your web browser's Back button, no content will show.

That's because when you access any Facebook page, the social network checks if you are logged in: if not, what you see depends on the sensitivity of the page in question: another person's profile will show some information; an account management screen will show the sign in form instead. To be safe, always close the browser tab / window once you've signed out.

Tip: if you are concerned about erasing traces of your username in the sign-in form, just double-click inside the "Email or Phone" field, and move your mouse pointer above the username you want to remove. Then, hit the Del / Delete key: in all web browsers that support Auto-Complete, this will remove this user name (and erase the saved password associated with it, if any).

Facebook Login Security

Secure browsing (https)

By default, secure browsing is enabled for all Facebook accounts: you can check if SSL / TLS is currently enabled in your web browser's address bar: while what you see depends on your browser, you should see both a padlock icon and the URL (web address) start with "https://", as shown below:

To change these security settings (not recommended), click on the gear icon (top right) and choose Account Settings: click Security on the left, and Edit on the right, next to "Secure Browsing". Check or uncheck "Browse Facebook on a secure connection (https) when possible" and save the change:

Tech note: if someone disabled https to make Facebook faster, anything you read and write on Facebook travels unencrypted over the web. This traffic becomes easier to intercept, especially on unsecured / open wireless connections (coffee shop), or public computers (school, library...)

To setup Login Notifications (disabled by default), click on the gear icon and pick Account Settings: then, click on "Security" on the left.

Click on the Edit link next to "Login notifications are disabled", and check the Email and/or Text message/Push notification checkboxes. (Push notifications are useful on mobile devices -tablets, smartphones...- especially when using an app to connect to Facebook.) You'll need to add a cell phone to your account before you can use the SMS option. Enter your password and click Save Changes:

Login approvals

By default, Facebook will let you sign in to your account from anywhere, as long as you are able provide the correct username and password. With "login approvals" enabled, you need to enter a security code before Facebook lets you login from a new web browser or device (phone, tablet...) To use this feature, you only need a cell phone associated with your account (one that supports SMS text messaging).

Tip: if you don't have a cell phone that you can pair up with your Facebook account, read the next section ("Code Generator") to get your security code through a third-party QR code reader app.

To setup this feature, click on the gear icon (top right) and choose Account Settings; then, select the "Security" options on the left. Now click on the Edit link and check the "Require a security code to access my account from unknown browsers" checkbox: confirm by clicking on the Get Started button: Choose "Android, iPhone, or iPod touch [/ iPad]" or "Other" and click Continue. If you don't have the official mobile Facebook app installed on your phone / tablet, get it or update it from the app store.

For the iOS or Android phone app, tap on the More button (bottom right), and scroll down - on the tablet version of the Facebook app, tap on the menu button (top left) and scroll down. Tap on the Code Generator icon: you'll see a 6 digits security code. Back in your web browser, click on the Continue button: type the code you were given and click Confirm.

Finally, enter the confirmation code Facebook just sent you by SMS text message and click Continue (all this is a one-time ordeal!)

You are done: optionally check the "No thanks, require a code right away" checkbox to start using login approvals immediately, and click Close.

Code generator

This setting is useful if you don't have a cell phone or data plan that supports text messages or your phone is tied to another Facebook account (you'd have to remove it from that account first). From the gear button dropdown (top right corner), go to "Account Settings" and click Security on the next page (left pane). Click on the Edit link next to Code generator, and click on "Setup another way to get security codes":

If prompted to do so, enter your Facebook password and click Submit.

A dialog will pop up offering you two ways to tie your phone and Facebook account: download a QR code reader app of your choosing, and scan the QR code that appears on screen, or manually enter the secret key shown in green text on your screen. Then, type the security code you get from the app inside the text box at the bottom, and click Confirm.

Side info: a QR code ("Quick Response Code") is like a barcode, but its format allows to store many more combinations than the standard lines you find on the back of books and any supermarket item.

Note: if you want to turn off the feature altogether, click on the "Disable Code Generator" link; you'll get a "If you remove Code Generator, you won't be able to use it to bypass Login Approvals" warning message - confirm to remove the code generator, or click Cancel to keep it.

Recognized Devices

The so-called "Recognized Devices" are (desktop or mobile) web browsers and apps from which you have already signed into your Facebook account: if you just added login approvals, you may want to go over the list, and optionally remove some of these (in the future, if login approvals are enabled), no device will be able to login (therefore, be added to the list) unless they are able to verify the security code sent to the cell phone registered with this account!

To manage these trusted devices, click on the gear icon (top right) and choose Account Settings: on the next page, click "Security" (left).

Under "You won't get notified or have to confirm your identity when logging in from these devices" are listed the currently approved devices and browsers (IE on Windows / official Facebook app for iPhone). Always at the top, ("this device") is the browser or app from which you're looking at these settings. Clicking any of the Remove links will delete that device from the list - the next time you login from it will require authentication just like brand new devices (having to use a security code...) Manually removing devices is a powerful and easy way to make Facebook "forget" about temporary locations from which you accessed your account - a friend's house, the public library, a shared computer at school, etc.

Active Sessions (Login Activity)

Facebook keeps track of "active sessions" for your account: these include anyone currently logged in, and recent logins that have not (yet) signed out. You can check this list at any time, and force-logout anyone who should not be signed in. This feature is extremely useful if you checked your account from a public computer and forgot to logout. To access your active sessions, click on the gear button in the top right corner of any Facebook page, and choose "Settings". Click "Security" in the left column of the next screen, and click on the active session bar at the bottom of the right pane:

See who's currently logged into your Facebook account!

You'll get a breakdown, starting with the current session (which is the browser or app you are using to look at these). Follows, by chronological order, a list of other web browsers and apps that last logged into your account, with the most recent login activity at the top.

Notice that each session shows browser / app name and platform (IE Windows, Facebook Android, Facebook iPad, Facebook iPhone). The device name is not always 100% helpful: in our case, for example, it should say "Amazon Kindle Fire" instead of just "Android".

You also get the city from which the login occurred.

Each current, recent, and older session includes an End Activity link: clicking on it will forcibly log out that person / device. They will be able to log back in only if they supply the correct username and password (plus any other security measure you've put in place, like security codes for login approvals). This feature is akin to the one that lets you sign out other people after you've changed your Facebook password(but this last one logs out everyone out of your account).

Facebook Account Help

Change name

Because Facebook requires that you use your real name, you can only change it 4 times after you've setup your account. To do so, click on the gear icon (top right) and choose Account Settings; on the following page, click on Edit on the right of your current full name. Enter your first name, last name, and optionally a middle name (female Facebook users often use this field for their maiden name). The "Display as" dropdown lets you choose to show your last name before your first name: You can also add a nickname inside the "Alternate name" text field, and show it on your timeline. For security reasons, enter your password before to change your name, and click Save Changes.

Change username

Your username (aka"vanity URL") are the period-separated words that appear in the web address of your Facebook profile: Before clicking on the Edit link, make sure that you have a cell phone number associated with your Facebook account (for verification purposes). Type a new username: if you get a "Contains invalid characters" error message, remove any spaces and special symbols: Click "Save Changes" your Facebook URL and Facebook email address have now been changed.

Tip: it's a lot simpler to sign in with your email address (easier to remember), but the Facebook login form will also accept your username. If you change username, remember to use the new one! Even if your Facebook email address is now different, you won't lose any of your messages.

Change email address

The email account supplied when you signed up for Facebook is your username, but also used for account notifications: make sure that it is valid and that you have full access to it. From the gear icon (top right), choose "Account Settings": on the next page, click on the Edit link next to your primary email address and choose to "Add another email".Then, enter you Facebook password and click "Save Changes".

Go to the new account's inbox to click on the confirmation link Facebook sent you. Once you do, you'll get an "Changes Saved" notice: click on it. You can now make the new email address the "primary one", and optionally remove the old one. Re-enter your Facebook password and click Save Changes.

Note: if you removed the old email address, remember to start using the new one only when you sign in to your Facebook account! If you left it "on file", you can use either address to login.

Change language

The default language Facebook uses for your account depends on the country from which you signed up, but you can change the language for your account. Click on the gear icon (top right) and choose "Account Settings": click on the Edit link next to your current language, and pick one of the 80 languages Facebook currently supports (including regional variations - like Canadian French vs. France French, etc.) Click "Save Changes" when you are done!

Change language for the Facebook Sign in page

When you are not currently logged into Facebook, the homepage will show the most popular languages at the bottom of the screen: just click on any of them, or click on the ellipsis button (as shown on the screenshot) to choose from one of 53 languages Facebook currently supports!

Change password

Once signed into your Facebook account, click on the gear button and pick "Account Settings". The next screen displays the "last-changed" date and time (or "Password never changed"). Click on the Edit link.

Enter your current password in the first field, to verify your identity.

Then, type your new password twice (for confirmation). It is case-sensitive, so make sure that CapsLock is turned off, and pay attention to your capitalization. When you are done, click "Save Changes":

Facebook's guidelines to Create a Strong Password:"As you create your password, remember the following:• It should not contain your name.• It should not contain a common dictionary word.• It should contain one or more numbers.• It should have both upper and lower case characters.• It should be over 8 characters long.• It must be different from your old passwords."

Note: whenever you change your password with login notifications turned on, you'll typically want to always opt to "Save Browser" on your own computer, to avoid having to confirm the device / browser whenever you sign in. This is the message you'll otherwise get all the time: "Remember Browser - Because you have Login Notifications enabled, you will receive a notification when you log in from a new browser. Please save this browser if you use it often".

Optionally logout other users

You will get a "Log out of other devices?" message when your new password has been registered: if you select Log me out of other devices, anyone (presumably only you) currently signed into your account will be force-signed-out. If you choose Keep me logged in, other people and/or computers / cell phones / tablets / etc. will not be signed out, but will be asked to supply the new password the next time they login (even if they checked the "Keep me logged in" checkbox when signing in).

Caution: if you ever receive an email whose subject line reads "Somebody requested a new password for your Facebook account", click on the link at the bottom of the message, in the sentence If you didn't request a new password, let us know immediately. If you didn't initiate the change, it could either be an innocent mistake (not likely), or someone trying to hack into your Facebook account on a public computer from which you forgot to sign out.

Reset Account Password

If you cannot remember or lost your password, click on the "Forgot your password?" link under the Facebook login form: it will load a page that lets you recover account access by supplying your email address, your cell phone number, or your full name (as you entered it when you signed up).

Click on the Search button. You'll get a summary screen that lists your primary email address, shows your full name, and your profile picture: if this information does not match your profile, start over by clicking on the "Not you?" link. (You'll have extended recovery options if you cannot provider any of this, and click on the "No longer have access to these?" link.) Click "Continue" to reset your credentials by email: Enter the security code sent to that email account; then, follow the steps and set your new password!

Mobile Facebook Login

Add Cell Phone Number

Having a smartphone like an iPhone or Android devices brings your Facebook experience to the next level: but any kind of cell phone that supports SMS text messaging will give you access to all kinds of account security features. To add a phone to your account, click on the gear icon in the top right corner and pick "Account Settings". On the next screen, select Security on the left.

Click on the Add a Phone button: make sure that the right country for your cell phone is selected, and choose your provider from the Mobile Carrier dropdown. (If it isn't listed, click on the "add phone number here" link and follow those instructions.)

Click Next. Text the letter shown to the number 32665 (it spells out "fbook" on the keypad). Within seconds, you'll receive a Facebook Mobile Confirmation Code: type it in the text box, and choose whether to share your phone number with Facebook friends and/or to allow them to send you text from their Facebook accounts. Click Next to continue: you'll get an SMS confirmation on your phone, and a summary screen: click on any of the "Edit" links to change your preferences.

What is a "Post-By-Email Address"? the randomly generated email address you see at the bottom of the confirmation screen, which ends in "@m.facebook.com", lets you post videos or photos right from your phone, by emailing them to that address. Because it is unique, Facebook knows that it is associated to your account. If you send text in the body of that email, it will be posted as a status update on your timeline. Caution: never share that post-by-email address with anyone!

Facebook Sign in Tips

Login to Facebook from other websites / applications

Tech note: through the "Facebook Login API", it's possible to sign in to a website or app with your Facebook credentials. Behind-the-scenes, third-party websites rely on Facebook to check your identity, and get some kind of data back, which then allows you to perform some kind of action on their site (like commenting). The exact data these sites / apps request will always be specified.

You will find many websites that allow you to login using your Facebook profile: while these sites won't get your password, they'll nearly always (need to) collect some type of information: once a site or app has your Facebook login, they can often take actions on your behalf (like posting something on your wall / timeline, adding status updates, etc.) For this reason, you should be very careful when you allow access to parts of your Facebook account to applications: make sure that they are reputable, and ideally require little to no information from your account. Here's a typical "Log in with Facebook" popup, the type you'll encounter on third-party websites, commonly used to participate in user comments: Three things to notice from the screenshot above: 1) the web address bar (URL field) is clearly hosted on facebook.com; 2) you will get a breakdown of the permissions and data this particular application seeks; 3) the word "public profile" is blue, like a link: move your mouse pointer above it to show which info the app wants. (Note: in some cases, these buttons may read "Connect with Facebook".)

Tip: if you do want to sign in to that website or app, double-check the profile picture. If the wrong Facebook user is selected, just click on the dropdown arrow in the top right corner of the popup, and choose "Switch User" (you'll then be redirected to the "You must log in to continue" screen).

Login with a different email address

You can sign in to your Facebook account with any email account you want (AOL Mail, Gmail, MSN Hotmail / Outlook.com, Yahoo Mail, your internet service provider, etc.) The email address you use to login is the one you entered when you signed up, but Facebook lets you add multiple email addresses to your profile, and any of them can be used to sign in. So, if you prefer to use a different address, just register it with this account. (Make sure that it isn't used for another Facebook account, or you'll get a "The email address you entered is already in use on another Facebook account" error message, and won't be able to add it.)

From any page, click on the gear icon (top right) and choose "Account Settings": click on the Edit link next to your current email address, and click "Add another email". Once you've saved the change and confirmed that you own this account (Facebook will send you a confirmation link to that address), you'll be able to use it instead of the other one. You don't even have to delete the old one: you can use both!

Tip: the only difference is that all account notifications will be sent to the "primary" email address. If you have a preference, just select another as primary address and click Save Changes: